[Freeipa-users] IDM/ipa slow login

2015-08-11 Thread seli irithyl
Hi, I inherited a server (the guy that built it left) running CentOS 7 and Identity Management (Kerberos, 389DS, ...) with NFS. Everything concerning login (with network accounts) is very slow (several seconds). I already solved a lot of problems on this server (DNS, NTP, firewall, ...), but I am n

Re: [Freeipa-users] IDM/ipa slow login

2015-08-11 Thread Jakub Hrozek
On Tue, Aug 11, 2015 at 10:37:16AM +0200, seli irithyl wrote:
> Hi,
>
> I inherited a server (the guy that built it left) running centos 7 and
> Identity Management (Kerberos, 389DS, ...) with NFS.
> Everything concerning login (with network accounts) is very slow ( several
> seconds)
> I already

Re: [Freeipa-users] IDM/ipa slow login

2015-08-12 Thread seli irithyl
If I ssh with an ipa user, authentication hangs on "we sent a gssapi-with-mic packet, wait for reply" from 5s to 10s.
If I ssh with local user, auth is nearly immediate (less than 1s).
From a client:
[test@argon ~]$ time id test
uid=1713400050(test) gid=1713400050(test) groups=1713400050(test),17

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread seli irithyl
In the logs, there are lots of warnings concerning pki tomcat server:
Aug 13 09:51:56 lead.bioinf.local systemd[1]: Started The Apache HTTP Server.
Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting system-pki\x2dtomcatd.slice.
Aug 13 09:51:56 lead.bioinf.local systemd[1]: Created slice syste

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread Jakub Hrozek
On Thu, Aug 13, 2015 at 12:12:03PM +0200, seli irithyl wrote:
> In the logs, there is lots of warnings concerning pki tomcat server :
>
> Aug 13 09:51:56 lead.bioinf.local systemd[1]: Started The Apache HTTP
> Server.
> Aug 13 09:51:56 lead.bioinf.local systemd[1]: Starting
> system-pki\x2dtomcat

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread seli irithyl
Here's the sssd_domain log part during an ssh:
(Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_get_account_info] (0x0200): Got request for [0x3][1][name=test]
(Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_req_set_domain] (0x0400): Changing request domain from [bioinf.local] to [bi

Re: [Freeipa-users] IDM/ipa slow login

2015-08-13 Thread John Obaterspok
Hi Seli,
In /etc/sssd/sssd.conf add below:
selinux_provider=none
to the domain section. Then restart sssd.
-- john
2015-08-13 16:23 GMT+02:00 seli irithyl :
> Here's the sssd_domain log part during an ssh
>
> (Thu Aug 13 15:22:31 2015) [sssd[be[bioinf.local]]] [be_get_account_info]
> (0x0

Re: [Freeipa-users] IDM/ipa slow login

2015-08-16 Thread Jakub Hrozek
> On 13 Aug 2015, at 22:57, John Obaterspok wrote:
>
> Hi Seli,
>
> In /etc/sssd/sssd.conf add below:
> selinux_provider=none
Hmm, good idea. I forgot the version OP was using, but yet -- at one point we had a bug where the selinux_child would be invoked even if the context didn't chang

Re: [Freeipa-users] IDM/ipa slow login

2015-08-17 Thread seli irithyl
Hi John, Jakub,
I added "selinux_provider = none" to the sssd.conf (as recommended by john) and then restarted the service and it seems to solve the problem (almost)!!! Logins are nearly as fast as when using local users.
What are the consequences when I add this line concerning security?
Jak

Re: [Freeipa-users] IDM/ipa slow login

2015-08-17 Thread Jakub Hrozek
On Mon, Aug 17, 2015 at 09:57:00AM +0200, seli irithyl wrote:
> Hi John, Jakub,
>
> I added "selinux_provider = none" to the sssd.conf (as recommended by john)
> and then restarted the service and it seems to solve the problem
> (almost) !!!
John, thank you very much for suggesting this opti